JSA Series Secure Analytics Appliances Datasheet

Download Datasheet

Product Overview

JSA Series Secure Analytics is an integral part of the Juniper Connected Security portfolio, which extends security to every point of connection on the network to safeguard users, data, and infrastructure from advanced threats.

The integrated approach of JSA Series Secure Analytics, used in conjunction with unparalleled data collection, analysis, correlation, and auditing capabilities, enables organizations to quickly and easily implement a corporate-wide security management program that delivers security best practices. These include superior log analytics with distributed log collection and centralized viewing; threat analytics that provide real-time surveillance and detection information; and compliance management capabilities—all viewed and managed from a single console.

 

Product Description

Juniper Networks® JSA Series Secure Analytics Appliances combine, analyze, and manage an unparalleled set of surveillance data—network behavior, security events, vulnerability profiles, and threat information—to empower companies to efficiently manage business operations on their networks from a single console.

  • Log Analytics: JSA Series Secure Analytics provides scalable log analytics by enabling distributed log collection across an organization and a centralized view of the information.
  • Threat Analytics: JSA Series Secure Analytics provides an advanced network security management solution that bridges the gap between network and security operations to deliver real-time surveillance and detect complex IT-based threats.
  • Compliance Management: JSA Series Secure Analytics brings to enterprises, institutions, and agencies the accountability, transparency, and measurability—critical factors to the success of any IT security program required to meet regulatory mandates.
  • Vulnerability Management: Deployed as a standalone solution or working in conjunction with Threat Analytics, JSA Series Secure Analytics can function as a full-featured vulnerability scanner.
  • Risk Management: JSA Series Secure Analytics helps security professionals stay ahead of advanced threats by proactively quantifying risks from vulnerabilities, configuration errors and anomalous network activity, preventing attacks that target high-value assets and data.

With preinstalled software, a hardened operating system, and a web-based setup process, the JSA Series Secure Analytics lets you get your network security up and running quickly and easily. The bottom line is simple deployment, fast implementation, and improved security, at a low total cost of ownership.

 

Architecture and Key Components

JSA Series Secure Analytics Virtual Appliance

The JSA Series Secure Analytics Virtual Appliance is a virtualized platform that provides Secure Analytics functionality. JSA Virtual Appliance is designed to run either as JSA virtual machine (VM) “All-in-One” or JSA VM Distributed with VMWare ESXi 6.7 and later. The JSA Virtual Appliance “All-in-One” runs all core functions on the same physical hardware and can process up to 30,000 events per second (EPS) and 1,200,000 flows per minute (FPM), while the JSA Virtual Appliance Distributed supports up to 80,000 EPS and 3,600,000 FPM depending on the VM specifications.

 

Features and Benefits

Table 1. JSA Series Secure Analytics Features and Benefits
Features Feature Description Benefits
All-in-One Event collection, flow collection event processing, flow processing, correlation, analysis, and reporting are all embedded within JSA Series Secure Analytics.
  • All core functions are available within the system, making it easy for users to deploy and manage in minutes.
  • JSA Series Secure Analytics architecture provides a streamlined solution for secure and efficient log analytics.
Distributed support JSA Series Secure Analytics can scale to large, distributed deployments that can support up to 5 million events per second.
  • Users have the flexibility to scale large deployments as their business grows.
  • JSA Series Secure Analytics can be easily deployed in large, distributed environments.
Easy and quick install JSA Series Secure Analytics comes with an easy, out-of-the-box setup wizard.
  • Users can install and manage JSA Series Secure Analytics Appliances in a couple of steps.
Automatic updates JSA Series Secure Analytics automatically downloads and deploys reputation feeds, parser updates, and patches.
  • Users don’t need to worry about maintaining appliance and OS updates and patches.
High availability (HA) Users can deploy all JSA Series Secure Analytics appliances in HA mode.
  • Users can deploy JSA Series Secure Analytics with full active/passive redundancy to support all deployment scenarios (All-in-One and Distributed).
Built-in compliance reports Out-of-the-box compliance reports are included with the JSA Series Secure Analytics.
  • JSA Series Secure Analytics provides more than 500 out-of-the-box compliance reports.
Reporting and alerting capabilities for control framework
  • Control Objectives for Information and related Technology (CobiT)
  • International Organization for Standardization (ISO) ISO/IEC 27002 (17799)
  • Common Criteria (CC) (ISO/IEC 15408) NIST special publication 800-53 revision 1 and Federal Information Processing
  • Standard (FIPS) 200
  • JSA Series Secure Analytics enables repeatable compliance monitoring, reporting, and auditing processes.
Compliance-focused regulation workflow
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley Act (SOX)
  • Graham-Leach-Bliley Act (GLBA)
  • Federal Information Security Management
  • Act (FISMA)
  • JSA Series Secure Analytics supports multiple regulations and security best practices.
  • Includes compliance-driven report templates to meet specific regulatory reporting and auditing requirements.
Management-level reports on overall security state The JSA Series Secure Analytics reports interface allows you to create, distribute, and manage reports generated in PDF, HTML, RTF, XML, or XLS formats.
  • Users can use the report wizard to create executive and operational level reports that combine network traffic and security event data in a single report.
One-stop support Juniper Networks Technical Assistance Center (JTAC) supports all aspects of the JSA Series Secure Analytics.
  • Users don’t need to go to several places to get support, even for multivendor issues.

 

Log Analytics

JSA Series Secure Analytics provides a comprehensive log analytics framework that includes scalable and secure log analytics capabilities integrated with real-time event correlation, policy monitoring, threat detection, and compliance reporting.

Table 2. Log Analytics Features and Benefits
Features Feature Description Benefits
Comprehensive log management JSA Series Secure Analytics delivers scalable and secure log analytics with capabilities to store GB to TB of data. Provides long-term collection, archival, search, and reporting of event logs, flow logs, and application data that enables logging taxonomy from a centralized view.
Comprehensive reporting JSA Series Secure Analytics comes with more than 1,300 canned reports. Report Wizard allows users to customize and schedule da ily, weekly, and monthly reports that can be exported in PDF, HTML, RTF, Word, Excel, and XML formats. Provides users the convenience of canned reports and the flexibility to create and customize their reports according to business needs.
Log management and reporting only option JSA Series Secure Analytics provides a comprehensive log management and reporting solution with a distributed log analytics only solution to collect, archive, customize, and analyze network security event logs. Allows users to start with a log management and reporting-only option and upgrade to full-feature JSA Series Secure Analytics functionality as their business need grows—without upgrading their existing hardware.
Log retention and storage JSA Series Secure Analytics database can easily archive logs and integrate them into an existing storage infrastructure for long-term log retention and hassle-free storage. Enables organizations to archive event and flow logs for whatever time period is specified by a specific regulation.
Tamper-proof data
  • Event and flow logs are protected by SHA and MD hashing algorithms1 for tamper-proof log archives.
  • Support for extensive log file integrity checks, including the National Institute of Standards and Technology (NIST) log management standards.
 Provides secure storage based on industry regulations.
Real-time event viewing JSA Series Secure Analytics allows users to monitor and investigate events in real time or perform advanced searches. The event viewer indicates what events are correlated to offenses and which are not.
  • Enables a quick and effective view and filters real-time events for users.
  • Provides a flexible query engine that includes advanced aggregating capability and IT forensics.
Data warehousing JSA Series Secure Analytics includes a purpose-built data warehouse for high-speed insertion and retrieval of data archive of all security logs, event logs, and network activity logs (flow logs). Enables full audit of all original events and flow content without modification.

1 Hashing algorithms supported

Threat Analytics

JSA Series Secure Analytics takes an innovative approach to managing computer-based threats in the enterprise. Recognizing that discrete analysis of security events is not enough to properly detect threats, we developed the JSA Series Secure Analytics to provide an integrated approach to threat analytics that combines the use of traditionally siloed information to more effectively detect and manage today’s complex threats. Specific information that is collected includes:

  • Network Events: Events generated from networked resources, including switches, routers, servers, and desktops.
  • Security Logs: Includes log data generated from security devices like firewalls, VPNs, intrusion detection/ prevention, antivirus, identity management, and vulnerability scanners.
  • Host and Application Logs: Includes log data from industry-leading host operating systems (Microsoft Windows, UNIX, and Linux) and from critical business applications (authentication, database, mail, and Web).
  • Network and Application Flow Logs: Includes flow data generated by network devices and provides an ability to build network and protocol activity context.
  • User and Asset Identity Information: Includes information from commonly used directories, including Active Directory and Lightweight Directory Access
  • Protocol (LDAP). By incorporating patent pending “offense” management technology, this integrated information is normalized and correlated by the JSA Series Secure Analytics, resulting in automated intelligence that quickly detects, notifies, and responds to threats missed by other security solutions with isolated visibility.
Table 3. Threat Analytics Features and Benefits
Features Feature Description Benefits
Out-of-the-box correlation rules JSA Series Secure Analytics rule correlation allows users to detect specific or sequential event flows or offenses. A rule consists of tests and functions that perform a response when events match.
  • Provides hundreds of out-of-the-box correlation rules that provide immediate value.
  • Allows users to create their own rules by using the JSA Series Secure Analytics rule wizard to generate automated alerts and enable real-time policy enforcement.
Offense management The offense manager allows you to investigate offenses, behaviors, anomalies, targets, and attackers on your network. The JSA Series Secure Analytics can correlate events and network activity with targets located across multiple networks in the same offense and the same network incident.
  • Allows users to effectively investigate each offense in their network.
  • Supports user navigation through a common interface so they can investigate the event details to determine the unique events that caused the offense.
QID mappings JSA Series Secure Analytics associates or maps a normalized or raw event to a high-level and low-level category.
  • Allows users to see real-time events mapped to appropriate categories.
  • Enables mapping of unknown device events to known JSA Series Secure Analytics events to be categorized and correlated appropriately.
Historical profiling JSA Series Secure Analytics collects and stores entire event data for later use, enabling extensive historical profiling for improved accuracy.
  • Allows users to view historical data at any given point and provides views into incident management and the tracking of events.
JSA Series Secure Analytics magistrate JSA Series Secure Analytics magistrate component prioritizes the offenses and assigns a magnitude value based on several factors, including the number of events, severity, relevance, and credibility.
  • Allows users to see prioritized security events rather than looking through thousands of log events.
  • Enables users to see what events have the most impact on their business and respond quickly to threats.
Offense manager API JSA Series Secure Analytics provides a set of open APIs to modify and configure incident management parameters like “create, close, and open.”
  • Allows users to integrate third-party customer care applications like Remedy and other ticketing solutions.
Flow support Flow support includes NetFlow, J-Flow, sFlow, and IPFIX.
  • Enables collection, visibility, and reporting of network traffic.
  • Includes Network Behavior Anomaly Detection (NBAD) to detect rough servers, and APTs based on network activity.

 

Vulnerability Management

As a feature of JSA Series Secure Analytics, Juniper Secure Analytics Vulnerability Manager helps organizations minimize the chances of a network security breach by proactively finding security weaknesses and mitigating potential risks. Organizations can discover and highlight high-risk vulnerabilities from an integrated dashboard and automate regulatory compliance through powerful collection, correlation, and reporting tools.

 

Risk Management

Juniper Secure Analytics Risk Manager is an integral component of a complete security intelligence solution, helping security professionals detect and mitigate advanced threats. The ability to proactively quantify risk from vulnerabilities, configuration errors, anomalous network activity, and other outside threats can help organizations prevent exploits that target high-value assets and data.

Table 4. Risk Management Features and Benefits
Features Feature Description Benefits
Risk Manager Topology Viewer Enables users to see network devices and their respective relationships, including subnets and links. Helps visualize current and potential network traffic patterns with a network topology model, based on security device configurations.
Device configuration management Automates the collection, monitoring, and auditing of device configurations across an organization’s switches, routers, firewalls, and intrusion detection system/intrusion prevention system (IDS/IPS) devices. Provides centralized network security device management, reducing configuration errors and simplifying firewall performance monitoring.
Advanced investigative network topology, traffic, and forensics tools Provides unique, risk-focused, graphical representations of the network from two network visualization security tools. Network and security teams gain critical vulnerability information before, during, and after an exploit. Quantifies and prioritizes risks with a policy engine that correlates network topology, asset vulnerabilities, and actual network traffic, enabling risk-based remediation and facilitating compliance.

 

Compliance Management

Organizations of all sizes across every vertical market face
Dimensions and Power a growing set of requirements from IT security regulatory mandates. Recognizing that compliance with a policy or regulation will evolve, many industry experts recommend a compliance program that can demonstrate and build upon the following key factors:

  • Accountability: Providing surveillance that reports on who did what and when
  • Transparency: Providing visibility into the security controls, business applications, and protected assets
  • Measurability: Metrics and reporting around IT risks

 

Licensing

JSA Series Secure Analytics is available in two different licensing options:

  • Log Analytics: Enables event searching, custom dashboards, and scheduled reporting
  • Threat Analytics: All log analytics features, flow support, advanced correlation, and vulnerability assessment integration

 

JSA Virtual Appliance Specifications

  JSA VM All-in-One JSA VM Distributed
Maximum EPS* 30,000 80,000
Flows per minute* 1,200,000 3,600,000

*All EPS and FPM numbers are based on virtual machine  specification.

 

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit:
https://www.juniper.net/us/en/services.html
https://www.juniper.net/us/en/products.html

 

Ordering Information

Please contact your Juniper sales representative for the latest JSA Series Secure Analytics ordering information.

 

About Juniper Networks

Juniper Networks brings simplicity to networking with products, solutions and services that connect the world. Through engineering innovation, we remove the constraints and complexities of networking in the cloud era to solve the toughest challenges our customers and partners face daily. At Juniper Networks, we believe that the network is a resource for sharing knowledge and human advancement that changes the world. We are committed to imagining groundbreaking ways to deliver automated, scalable and secure networks to move at the speed of business.

 

1000476 - 015 - EN DECEMBER 2023